Archive snapshot

Fri, Jun 05 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, Jun 05 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Fri, 05 Jun 2026 14:08:59 +0530

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

9.3/10 · Must read/watch

The Hacker Newsvuln

Summary
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVS

Open article ↗

Fri, 05 Jun 2026 12:31:41 +0530

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

9.2/10 · Must read/watch

The Hacker Newsmalwareai

Summary
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming a

Open article ↗

Fri, Jun 05 · 06:00 AM CDT

Infosecurity Europe: OWASP Introduces Agentic AI Security Maturity Framework

9.1/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Jun 05 · 06:00 AM CDT

Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era

9.1/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Jun 05 · 06:00 AM CDT

Infosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts Warn

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Fri, Jun 05 · 06:00 AM CDT

Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns

8.5/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Jun 05 · 06:00 AM CDT

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

8.5/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Jun 05 · 04:00 AM CDT

Ohbin – uv wrapper for installing tools from GitHub

8.4/10 · Worth your time

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Fri, Jun 05 · 01:00 AM CDT

Fine-tuning an LLM to write docs like it's 1995

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Fri, Jun 05 · 05:44 AM CDT

Ask HN: Is the web for machines (/llm.txt) the one we wished we had as humans?

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 16 minutes ago.

Open article ↗

Videos worth watching

Thu, Jun 04 · 11:11 AM CDT

BIG SHOW TODAY & AI vibes

8.1/10 · Worth your time

YouTube / John Hammondai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, May 28 · 09:16 PM CDT

CVE-2026-46840

10.0/10 · Must read/watch

NVDvuln

Summary
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Ser

CVECVE-2026-46840

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 28 · 09:16 PM CDT

ModifiedThu, Jun 04 · 02:01 PM CDT

Open article ↗

Thu, May 28 · 09:16 PM CDT

CVE-2026-46839

9.9/10 · Must read/watch

NVDvuln

Summary
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data Services, attacks ma

CVECVE-2026-46839

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 28 · 09:16 PM CDT

ModifiedThu, Jun 04 · 01:58 PM CDT

Open article ↗

Thu, May 28 · 10:16 AM CDT

CVE-2026-9813

9.9/10 · Must read/watch

NVDvuln

Summary
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due t

CVECVE-2026-9813

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 28 · 10:16 AM CDT

ModifiedThu, Jun 04 · 06:03 PM CDT

Open article ↗

Fri, Jun 30 · 03:29 AM CDT

CVE-2017-6034

9.8/10 · Must read/watch

NVDvuln

Summary
An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

CVECVE-2017-6034

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 30 · 03:29 AM CDT

ModifiedThu, Jun 04 · 10:16 PM CDT

Open article ↗

Tue, Aug 13 · 07:15 PM CDT

CVE-2024-7593

9.8/10 · Must read/watch

NVDvuln

Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVECVE-2024-7593

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 13 · 07:15 PM CDT

ModifiedFri, Jun 05 · 12:25 AM CDT

Open article ↗

Wed, Sep 17 · 12:15 PM CDT

CVE-2025-10439

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7.

CVECVE-2025-10439

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 17 · 12:15 PM CDT

ModifiedFri, Jun 05 · 09:16 AM CDT

Open article ↗

Tue, Oct 14 · 01:15 PM CDT

CVE-2025-10610

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025.

CVECVE-2025-10610

SeverityCRITICAL

TypeUPDATED

PublishedTue, Oct 14 · 01:15 PM CDT

ModifiedFri, Jun 05 · 09:16 AM CDT

Open article ↗

Thu, Feb 12 · 02:16 PM CST

CVE-2025-10969

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025.

CVECVE-2025-10969

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 12 · 02:16 PM CST

ModifiedFri, Jun 05 · 08:16 AM CDT

Open article ↗

Fri, Feb 20 · 12:16 PM CST

CVE-2025-10970

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2025-10970

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 20 · 12:16 PM CST

ModifiedFri, Jun 05 · 07:16 AM CDT

Open article ↗

Thu, Oct 23 · 01:15 PM CDT

CVE-2025-11023

9.8/10 · Must read/watch

NVDvuln

Summary
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows PHP Local File Inclusion. This issue affects AcBakImzala: before v5.1.4.

CVECVE-2025-11023

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 23 · 01:15 PM CDT

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Tue, Feb 10 · 09:16 AM CST

CVE-2025-11242

9.8/10 · Must read/watch

NVDvuln

Summary
Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik: through 21102025.

CVECVE-2025-11242

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 10 · 09:16 AM CST

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Fri, Feb 27 · 12:16 PM CST

CVE-2025-11251

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respon

CVECVE-2025-11251

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 12:16 PM CST

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Fri, Feb 27 · 01:16 PM CST

CVE-2025-11252

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published.

CVECVE-2025-11252

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 01:16 PM CST

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Fri, Oct 24 · 09:15 AM CDT

CVE-2025-11253

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000.

CVECVE-2025-11253

SeverityCRITICAL

TypeUPDATED

PublishedFri, Oct 24 · 09:15 AM CDT

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Thu, Sep 18 · 09:15 PM CDT

CVE-2025-54807

9.8/10 · Must read/watch

NVDvuln

Summary
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.

CVECVE-2025-54807

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 18 · 09:15 PM CDT

ModifiedThu, Jun 04 · 08:16 PM CDT

Open article ↗

Thu, May 28 · 09:16 PM CDT

CVE-2026-46817

9.8/10 · Must read/watch

NVDvuln

Summary
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnera

CVECVE-2026-46817

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 28 · 09:16 PM CDT

ModifiedThu, Jun 04 · 01:45 PM CDT

Open article ↗

Tue, May 19 · 02:16 PM CDT

CVE-2026-47323

9.8/10 · Must read/watch

NVDvuln

Summary
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-

CVECVE-2026-47323

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 19 · 02:16 PM CDT

ModifiedThu, Jun 04 · 01:27 PM CDT

Open article ↗

Fri, May 29 · 09:16 AM CDT

CVE-2026-49199

9.8/10 · Must read/watch

NVDvuln

Summary
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

CVECVE-2026-49199

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 29 · 09:16 AM CDT

ModifiedThu, Jun 04 · 07:44 PM CDT

Open article ↗

Thu, Apr 23 · 07:17 PM CDT

CVE-2026-6074

9.8/10 · Must read/watch

NVDvuln

Summary
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.

CVECVE-2026-6074

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 07:17 PM CDT

ModifiedThu, Jun 04 · 10:16 PM CDT

Open article ↗

Thu, Apr 23 · 09:16 PM CDT

CVE-2026-6942

9.8/10 · Must read/watch

NVDvuln

Summary
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject shell metacharacters through the jsonrpc inte

CVECVE-2026-6942

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 09:16 PM CDT

ModifiedThu, Jun 04 · 02:19 PM CDT

Open article ↗

Tue, May 26 · 06:16 PM CDT

CVE-2026-7251

9.8/10 · Must read/watch

NVDvuln

Summary
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control

CVECVE-2026-7251

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 26 · 06:16 PM CDT

ModifiedThu, Jun 04 · 10:16 PM CDT

Open article ↗

Tue, Dec 09 · 04:17 PM CST

CVE-2025-11022

9.6/10 · Must read/watch

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned p

CVECVE-2025-11022

SeverityCRITICAL

TypeUPDATED

PublishedTue, Dec 09 · 04:17 PM CST

ModifiedFri, Jun 05 · 07:16 AM CDT

Open article ↗

Wed, May 27 · 03:16 PM CDT

CVE-2026-45570

9.6/10 · Must read/watch

NVDvuln

Summary
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containing a single quote can th

CVECVE-2026-45570

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 27 · 03:16 PM CDT

ModifiedThu, Jun 04 · 06:00 PM CDT

Open article ↗

Mon, May 25 · 07:16 AM CDT

CVE-2026-2651

9.0/10 · Must read/watch

NVDvuln

Summary
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belon

CVECVE-2026-2651

SeverityCRITICAL

TypeUPDATED

PublishedMon, May 25 · 07:16 AM CDT

ModifiedThu, Jun 04 · 03:41 PM CDT

Open article ↗

Thu, Sep 25 · 02:15 PM CDT

CVE-2025-10467

8.9/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before v25.0401.

CVECVE-2025-10467

SeverityHIGH

TypeUPDATED

PublishedThu, Sep 25 · 02:15 PM CDT

ModifiedFri, Jun 05 · 09:16 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.